Subject: CVS commit: [pkgsrc-2020Q2] pkgsrc/net/bind911
From: Benny Siegert
Date: 2020-08-28 17:57:47
Message id: 20200828155747.49442FB27@cvs.NetBSD.org

Log Message:
Pullup ticket #6311 - requested by taca
net/bind911: security fix

Revisions pulled up:
- net/bind911/Makefile                                          1.29
- net/bind911/distinfo                                          1.21

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Aug 21 16:09:44 UTC 2020

   Modified Files:
   	pkgsrc/net/bind911: Makefile distinfo

   Log Message:
   net/bind911: update to 9.11.22

   Update bind911 to 9.11.22 (BIND 9.11.22).

   	--- 9.11.22 released ---

   5481.	[security]	"update-policy" rules of type \ 
"subdomain" were
   			incorrectly treated as "zonesub" rules, which allowed
   			keys used in "subdomain" rules to update names outside
   			of the specified subdomains. The problem was fixed by
   			making sure "subdomain" rules are again processed as
   			described in the ARM. (CVE-2020-8624) [GL #2055]

   5480.	[security]	When BIND 9 was compiled with native PKCS#11 support, it
   			was possible to trigger an assertion failure in code
   			determining the number of bits in the PKCS#11 RSA public
   			key with a specially crafted packet. (CVE-2020-8623)
   			[GL #2037]

   5476.	[security]	It was possible to trigger an assertion failure when
   			verifying the response to a TSIG-signed request.
   			(CVE-2020-8622) [GL #2028]

   5475.	[bug]		Wildcard RPZ passthru rules could incorrectly be
   			overridden by other rules that were loaded from RPZ
   			zones which appeared later in the "response-policy"
   			statement. This has been fixed. [GL #1619]

   5474.	[bug]		dns_rdata_hip_next() failed to return ISC_R_NOMORE
   			when it should have. [GL !3880]

   5465.	[func]		Added fallback to built-in trust-anchors, managed-keys,
   			or trusted-keys if the bindkeys-file (bind.keys) cannot
   			be parsed. [GL #1235]

   5463.	[bug]		Address a potential NULL pointer dereference when out of
   			memory in dnstap.c. [GL #2010]

   5462.	[bug]		Move LMDB locking from LMDB itself to named. [GL #1976]

Files:
RevisionActionfile
1.28.2.1modifypkgsrc/net/bind911/Makefile
1.20.2.1modifypkgsrc/net/bind911/distinfo